[USN-4561-1] Rack vulnerabilities

Eduardo Barretto eduardo.barretto at canonical.com
Wed Sep 30 19:57:39 UTC 2020

Ubuntu Security Notice USN-4561-1
September 30, 2020

ruby-rack vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS


Rack could be made to expose sensitive information over the network.

Software Description:
- ruby-rack: modular Ruby webserver interface


It was discovered that Rack incorrectly handled certain paths. An attacker
could possibly use this issue to obtain sensitive information.

It was discovered that Rack incorrectly validated cookies. An attacker
could possibly use this issue to forge a secure cookie. (CVE-2020-8184)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  ruby-rack                       1.6.4-4ubuntu0.2

In general, a standard system update will make all the necessary changes.

  CVE-2020-8161, CVE-2020-8184

Package Information:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20200930/273140c2/attachment.sig>

More information about the ubuntu-security-announce mailing list